Date: Sun, 05 Aug 2001 18:58:00 -0400
From: "Tommy Forrest - KE4PYM" <tforrest@shellworld.net>
To: "questions@FreeBSD.ORG" <questions@FreeBSD.ORG>
Subject: ARRRRGH *WHAT* Am I doing wrong with IPFW, NAT and PPP?
Message-ID: <200108052256.SAA16775@ns.shellworld.net>

I've been at this too long. I must say, it is *MUCH* easier to set up 2 NICs
to do NAT than it is with dialup.

I am following the manual in
http://www.freebsd.org/tutorials/dialup-firewall/index.html for using IPFW
for NAT and PPP.

I can get the FreeBSD 4.3-RELEASE box to dial out using "ppp" then "dial"
(I do not want PPP dialing on demand). The FBSD box can access the net just
fine.

I have ep0. ep0 is 10.0.1.254. I have dhcpd running on ep0. Devices
connected to ep0 get their IP addresses. Devices connected to ep0 can ping
10.0.1.254. But they cannot get out to the net at large.

All of the required items such as ipdivert, etc. are added to the kernel.

tun0 is the active device when using "ifconfig -a".

Any and all ideas are welcome. I sure am about to go insane.

Contents of rc.conf:

##General Network Config
hostname="pressure.dyndns.org"
network_interfaces="ep0 tun0 lo0"
ifconfig_ep0="inet 10.0.1.254"
ifconfig_tun0=""
ifconfig_lo0="inet 127.0.0.1"
inetd_enable="YES"
kern_securelevel_enable="NO"
sendmail_enable="YES"
sshd_enable="YES"

##NATd Stuff
firewall_enable="YES"
firewall="OPEN"
firewall_script="/etc/rc.firewall"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-dynamic"

##PPP Setup Information
ppp_enable="YES"
ppp_mode="AUTO"
ppp_profile="default"

### Network Time Services options: ###
xntpd_enable="YES"
xntpd_program="ntpd"
xntpd_flags="-p /var/run/ntpd.pid"

Contents of rc.firewall

/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via tun0

**other parts chopped out*

Contents of ppp.conf

# PPP Configuration
default:
 set log Phase Chat LCP IPCP CCP tun command
 set device /dev/cuaa1
 set speed 115200
 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNE$
 set redial 3 10
 disable pred1
 deny pred1
 disable lqr
 deny lqr
 set authname ausername
 set authkey apassword
 set phone 123-4567
 set timeout 600

Tommy Forrest - KE4PYM - tforrest@shellworld.net
http://www.shellworld.net/~tforrest

And now, it's time, for some useless, bandwidth wasting words of wisdom:
"Do your parents *know* you are Ramones?" - Ms. Togar

PGP Public Key Fingerprint: B9ED C46F C92E 0101 4B4C BFC1 907C A0D0